Vice Society ransomware claims attack on Australian firefighting service
Australia’s Fire Rescue Victoria has disclosed a data breach caused by a December cyberattack that is now claimed by the Vice Society ransomware gang.
Fire Rescue Victoria (FRVP) is a fire and rescue service operating across 85 stations in the Australian state of Victoria that has approximately 4,500 operational and corporate employees.
The cyberattack on FRV occurred on December 15, 2022, and despite the widespread and ongoing IT outages it has caused, the agency’s emergency response services have not been impacted.
“The incident affected a number of our internal servers, including our email system,” explains FRV in an announcement on its site.
In addition to disrupting the agency’s IT system, the hackers have also stolen data from FRV’s computers, including information about current and former employees, contractors, secondees, and job applicants.
The agency notified the Office of the Australian Information Commissioner about the incident on January 6, 2023, disclosing the preliminary results of its ongoing internal investigation.
According to parts of the notice that were made public, the hackers have stolen the following information on FRV staff and applicants:
- Full Name
- Address (current and previous)
- Email address (current and previous)
- Phone number (current and previous)
- Date of birth
- Health information
- Sensitive information such as information about sexual orientation, race, disability, religion, qualifications, employment history, criminal history, and political or religious views.
- Bank account details (BSB, account name, and number)
- Superannuation details
- Government-issued identity information
- Driver’s license details
- Passport details
- Tax File numbers
- Birth, death, and marriage certificates
In addition to the above, because the hackers accessed the agency’s email system, which remains offline, they may also have accessed or stolen sensitive email communications.
FRV is warning all employees and everyone else who previously applied for a job to be vigilant against targeted phishing emails or SMS texts.
Furthermore, the organization recommends that staff reset their passwords and enable MFA to protect their accounts further. If staff use their FRV password on other sites, they should also reset them.
Attack claimed by Vice Society Ransomware
This data breach notifications comes after the Vice Society ransomware gang claimed to be behind the attack on Fire Rescue Victoria and indicated they would start leaking stolen data.
On January 10th, an entry for Fire Rescue Victoria appeared on Vice Ransomware’s Tor data leak site, with a link to allegedly stolen data.
However, this link currently does not work, granting the fire rescue organization a likely unintended reprieve from their data becoming public.
While some ransomware operations have policies against targeting emergency services and healthcare entities, Vice Society tends to attack any entity they can breach.
These victims include various industries, including the education, healthcare, and local government sectors.
The ransomware operation launched in January 2021, when they began utilizing other ransomware gang’s malware as part of their attacks, including BlackCat, QuantumLocker, Zeppelin, a Vice Society-branded variant of Zeppelin ransomware, and Hello Kitty encryptors.
More recently, the threat actors have switched to a new custom encryptor that researchers have dubbed ‘PolyVice.’
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.